FreeIPA - Password Expiration

Prashant Bapat prashant at apigee.com
Tue Apr 5 07:07:30 EDT 2016


Hi,

I'm trying to configure Shibboleth IdP (ver 3.2.1) to authenticate against
FreeIPA's LDAP component. So far authentication and attribute release are
working.

When I tried to configure the password expiration, it did not work. I
tried the "account state" section of
https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration
but could not get it working.

FreeIPA has a user attribute "krbPasswordExpiration" which is the time
when the password expires.

How can I use this attribute for redirecting the user to the password
expiration page?

Looking at Ldaptive's Git repository <https://github.com/vt-middleware/ldaptive>,
there is a FreeIPAAuthenticationResponseHandler
<https://github.com/vt-middleware/ldaptive/blob/master/core/src/main/java/org/ldaptive/auth/ext/FreeIPAAuthenticationResponseHandler.java>
in the latest version. Is it advisable to use this?

Thanks.
--Prashant
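
Added example, not part of the original post and not Shibboleth or ldaptive code: krbPasswordExpiration is stored as an LDAP GeneralizedTime string, and the Python below parses such a value and classifies the account the way an expiration check would. The function names, the 7-day warning window and the sample values are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# LDAP GeneralizedTime: YYYYMMDDHH[MM[SS]][.fraction] followed by Z or +/-hh[mm]
_GT = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})?(\d{2})?"
                 r"(?:[.,](\d+))?(Z|[+-]\d{2}(?:\d{2})?)$")

def parse_generalized_time(value):
    """Return an aware UTC datetime for a GeneralizedTime string."""
    m = _GT.match(value.strip())
    if not m:
        raise ValueError(f"not a GeneralizedTime value: {value!r}")
    year, month, day, hour, minute, second, frac, zone = m.groups()
    if zone == "Z":
        tz = timezone.utc
    else:
        offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5] or 0))
        tz = timezone(-offset if zone[0] == "-" else offset)
    dt = datetime(int(year), int(month), int(day), int(hour),
                  int(minute or 0), int(second or 0), tzinfo=tz)
    if frac:
        # The fraction applies to the smallest unit present in the value.
        unit = 1 if second else 60 if minute else 3600
        dt += timedelta(seconds=float("0." + frac) * unit)
    return dt.astimezone(timezone.utc)

def password_state(values, now, warning=timedelta(days=7)):
    """Classify an entry from its krbPasswordExpiration values (list of str)."""
    if not values:
        # Attribute absent from the entry, or not returned to the bind identity.
        return "unknown", None
    expires = parse_generalized_time(values[0])
    if expires <= now:
        return "expired", expires
    if expires - now <= warning:
        return "warning", expires
    return "ok", expires

if __name__ == "__main__":
    now = datetime(2016, 4, 5, 11, 7, 30, tzinfo=timezone.utc)  # constructed clock
    # Constructed sample values, not taken from a real directory.
    for sample in (["20160401000000Z"], ["20160410120000Z"],
                   ["201604051307+0200"], ["20160704070730Z"], []):
        print(sample, password_state(sample, now))
```

An "unknown" result is worth treating separately from "ok": it means the search returned no krbPasswordExpiration value, so no expiration decision can be made from that entry.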